Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0424

6 documents6 sources

Severity

7.2HIGH

EPSS

0.2%

top 52.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel SGI Propack Slackware Slackware Linux

Timeline

PublishedJul 7

Latest updateMay 3

Description

Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDlinux/linux_kernel9 versions+8

▶NVDslackware/slackware_linux9.1, current+1

▶NVDsgi/propack3.0

Patches

Patch: www.isec.pl ↗Patch: www.linuxsecurity.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6945-86vq-2qgg: Integer overflow in the ip_setsockopt function in Linux kernel 2↗2022-05-03

▶

CVEList

CVE-2004-0424: Integer overflow in the ip_setsockopt function in Linux kernel 2↗2004-04-30

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service↗2004-04-21

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-04-20

▶

💬Community

Bugzilla

CVE-2004-0424 security flaw↗2018-08-16

▶